Creating the Client ID and Client Secret for Google Authentication

When using Google verification with Connect for Chromebooks or the Google Sign-In button on SSL / non-SSL login pages, the Smoothwall Filter and Firewall must submit a valid client ID and client secret to be able to communicate with Google OAuth servers. This communication is to confirm that a user is indeed who they say they are.

If you already have a client ID and client secret, you can find them in the Google API Console on the Credentials page. Alternatively, if you need to create these, follow the procedure.

Disclaimer: The following instructions are correct at the time of writing. Google feature names and links might change over time.

Procedure

In the Google API console, set up OAuth with these settings. See the Google help topic, Setting up OAuth 2.0.

Application type: "Web application".

Name: Type an appropriate name for the credentials web application, for example, Smoothwall Login.

Authorized JavaScript origins:

Enter the URL of the Smoothwall appliance host name that Google should only accept OAuth requests from, suffixed with port 442.The URL used must be the host name of the Smoothwall which Chromebooks will resolve via DNS. If Chromebook Authentication is to be configured for external off-site access, the URL must have a public DNS record which resolves to the Smoothwall's external IP address.

If you are creating this project for Connect for Chromebooks, or for SSL login pages, or a combination of both, enter a HTTPS version of the Smoothwall URL, for example:

https://proxy.smoothtest.com:442

If you are creating this project for non-SSL login pages, enter a HTTP version of the Smoothwall URL without the port number, for example:

http://proxy.smoothtest.com

If you are creating this project for all three scenarios (Connect for Chromebooks, SSL login pages, and non-SSL login pages), enter both the HTTPS and HTTP versions of the URL:

https://proxy.smoothtest.com:442

http://proxy.smoothtest.com

Authorized redirect URIs:

Enter the URL that the Smoothwall Filter and Firewall will use to communicate with Google. Use the Smoothwall appliance host name and port number configured for Authorized JavaScript origins, with oauth2callback as the path. If you are creating this project for Connect for Chromebooks or for SSL login pages, or a combination of both, enter a HTTPS version of the Smoothwall URL, for example:https://proxy.smoothtest.com:442/oauth2callback If you are creating this project for non-SSL login pages, enter a HTTP version of the Smoothwall URL without the port number, for example:http://proxy.smoothtest.com/oauth2callback

If you are creating this project for all three scenarios (Connect for Chromebooks, SSL login pages, and non-SSL login pages), enter both the HTTPS and HTTP versions of the URL:

https://proxy.smoothtest.com:442/oauth2callback

http://proxy.smoothtest.com/oauth2callback

In the OAuth client dialog box, copy both the client ID and client secret.

Your web application's Restrictions should resemble these settings:

Follow-up tasks

If you haven't configured a consent screen previously, you can do this in the Google API Console. The consent screen opens whenever permission is needed to access users' data. See Google's help topic, User consent.

Add the client ID and client secret to the Smoothwall Filter and Firewall.